logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Konan - Advanced Web Application Dir Scanner


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

➤ Konan - Advanced Web Application Dir Scanner

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen Nachrichten Bewertung


Konan is an advanced open source tool designed to brute force directories and files names on web/application servers.

Installation
Download Konan by cloning the Git repository:
git clone https://github.com/m4ll0k/Konan.git konan
Install requirements with pip
cd konan && pip install -r requirements.txt
Run Konan
python konan.py

Support Platforms
  • Linux
  • Windows
  • MacOSX

Features
Features Konan dirsearch dirb gobuster
MultiThreaded yes yes yes yes
Multiple Extensions yes yes no no
HTTP Proxy Support yes yes yes yes
Reporting yes (text and json) yes (text and json) yes (text) no
User-Agent randomization yes yes no no
Ignore word in wordlist using regexp yes no no no
Split extension in wordlist yes no no no
Multiple Methods yes no no no
Response Size Process yes no no no
Provide Sub-Dir for Brute Force yes no no no
Provide Dir for Recursively Brute Force yes no no no
URL Injection Point yes no no no

Usage
Basic:
  • python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
Injection Point:
  • python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
Provide wordlist, default /db/dict.txt:
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Provide extensions with -f/--force option:
  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html
Provide status code exclusion:
  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
Provide only status code for output:
  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
Wordlist split (test.php -> to -> test):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_
  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"
Output without -I/--ignore options:
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http://testphp.vulnweb.com/???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with -I/--ignore (in this case \?+) options:
 URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Recursive:_
  • python konan.py -u/--url http://example.com/ -E/--recursive
Recursive directory found and directory provided by -D/--dir-rec:
  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
Brute Force directory provided by -S/--sub-dir:
  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
Multiple Methods (check GET,POST,PUT and DELETE for word entry):
Note: Much web application if not make the request with right method return 404 code, this option test all methods
  • python konan.py -u/--url http://example.com/ -m/--methods"
Content size process (show response if the response size is ">[number]","<[number]","=[number]"):
  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/

PERCENT - TIME - CODE - METHOD - LENGHT - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/


...

➥ Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu Konan - Advanced Web Application Dir Scanner






➤ Ähnliche Beiträge

  • 1.

    Konan - Advanced Web Application Dir Scanner

    vom 919.61 Punkte ic_school_black_18dp
    Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. InstallationDownload Konan by cloning the Git repository:git clone https://github.com/m4ll0k/Konan.git konanInstall requirements with
  • 2.

    Getting Santa Tracker Into Shape

    vom 533.63 Punkte ic_school_black_18dp
    Posted by Sam Stern, Developer Programs Engineer Santa Tracker is a holiday tradition at Google.  In addition to bringing seasonal joy to millions of users around the world, it's a yearly testing ground for the latest APIs and techniques in app deve
  • 3.

    Announcing Open Registration and Exhibitors for Google Play Indie Games Festival in San Francisco, Sept. 24

    vom 423.22 Punkte ic_school_black_18dp
    Posted by Jamil Moledina, Google Play, Games Strategic Lead To celebrate the art of the latest innovative indie games, we’re hosting the first Google Play Indie Games Festival in North America on September 24th in San Francisco. At the festival,
  • 4.

    ConstraintLayout 2.0.0 alpha 4

    vom 423.22 Punkte ic_school_black_18dp
    We just released ConstraintLayout 2.0.0 alpha 4. It’s available from the google maven repository: dependencies {   implementation 'com.android.support.constraint:constraint-layout:2.0.0-alpha4' } or if using the AndroidX packages: dependencies {
  • 5.

    MMD-0037-2015 - A bad Shellshock & Linux/XOR.DDoS CNC "under the hood"

    vom 376.98 Punkte ic_school_black_18dp
    The background Yesterday was a hectic day when we gathered to check all recent ELF threats cross-fired in the internet traffic when I was informed of a recent shellshock attack. Seeing the command pattern of the one-liner shell executed script used I knew
  • 6.

    Intent to Explain: Demystifying the Blink Shipping Process

    vom 314.23 Punkte ic_school_black_18dp
    If you’re a standards-curious web developer, you may have wondered how features get added to browsers, or even how the Chrome team decides what they will work on. You probably also have, at least at some point, thought to yourself “I have this urge
  • 7.

    VirusTotal MultiSandbox += SNDBOX

    vom 304.56 Punkte ic_school_black_18dp
    Today, VirusTotal is happy to welcome SNDBOX to the Multi-sandbox project. SNDBOX is a cloud based automated malware analysis platform. SNDBOX advanced dynamic analysis capabilities gives additional insights and visibility intro a variety of file-types. In their own word
  • 8.

    ConstraintLayout 2.0.0 beta 1

    vom 299.02 Punkte ic_school_black_18dp
    We are happy to announce the release of ConstraintLayout 2.0 beta 1. APIs are now considered stable for the remaining of the 2.0 release cycle.It’s available from the google maven repository: dependencies {   implementation 'com.android.support.const
  • 9.

    And the winners of the Google Play Indie Games Contest in Europe are...

    vom 276.01 Punkte ic_school_black_18dp
    Posted by Matteo Vallone, Google Play Games Business Development Today, at Saatchi Gallery in London, we hosted the final event of the first Google Play Indie Games Contest in Europe. The 20 finalists, selected from nearly 1000 submissions, came
  • 10.

    ConstraintLayout 2.0.0 alpha 5

    vom 266.81 Punkte ic_school_black_18dp
    We just released ConstraintLayout 2.0.0 alpha 5. It’s available from the google maven repository: dependencies {   implementation 'com.android.support.constraint:constraint-layout:2.0.0-alpha5' } or if using the AndroidX packages: dependencies {    implementation 'androidx.constraintlayout:constraintlayout:2.0
  • 11.

    ConstraintLayout 2.0.0 alpha 5

    vom 266.81 Punkte ic_school_black_18dp
    We just released ConstraintLayout 2.0.0 alpha 5. It’s available from the google maven repository: dependencies {   implementation 'com.android.support.constraint:constraint-layout:2.0.0-alpha5' } or if using the AndroidX packages: dependencies {    implementation 'androidx.constraintlayout:constraintlayout:2.0
  • 12.

    D-Link DGS-1510-28XMP bis 1.31 erweiterte Rechte [CVE-2017-6205]

    vom 261.54 Punkte ic_school_black_18dp
    Es wurde eine kritische Schwachstelle in D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 sowie DGS-1510-20 bis 1.31 gefunden. Hiervon betroffen ist eine unbekannte Funktion. Durch die Manipulation mit einer un